<?php


 
// username and password sent from form 
$username=$_POST['name']; 
$password=$_POST['password']; 
$passwordRepeat=$_POST['passwordRepeat']; 
$email=$_POST['email']; 
$work_address=$_POST['work_address']; 
$phone_number=$_POST['phone_number']; 
$real_name=$_POST['real_name']; 

//echo $_POST['myusername']."<br>";
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$passwordRepeat = stripslashes($passwordRepeat);
$work_address = stripslashes($work_address);
$phone_number = stripslashes($phone_number);
echo $password." vs ".$passwordRepeat;
if($password!=$passwordRepeat){
echo "not equal";
}
if(strlen($password)<4){
	header("location:../index.php?page=current_user&stat=error&error=less");
	return;
}
if(strlen($password)>10){
	header("location:../index.php?page=current_user&stat=error&error=more");
	return;
}

if($password!=$passwordRepeat){
	header("location:../index.php?page=current_user&stat=error&error=match");
	return;
}
$sql="SELECT * FROM `user` WHERE name='$username'";

//$sql="SELECT * FROM `user`";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
	 session_start(); 
	$session=session_id();
	$sql="UPDATE `user` SET password='$password', email='$email', work_address='$work_address', phone_number='$phone_number', real_name='$real_name' WHERE name='$username'";
   mysql_query($sql);
	
$row = mysql_fetch_array($result);
	
 
 // makes an array 
 // adds it to our session 

 $_SESSION['password']=$password;
// Register $myusername, $mypassword and redirect to file "login_success.php"
//
//print_r($_SESSION);
header("location:../index.php?page=current_user&stat=success");
}
else {
	//header("location:../index.php?error=login");
echo "帐户不存在";
}
?>